SaaS Sign-on
The SaaS Sign-on report provides debugging and activity tracking logs for the multi-factor authentication and single sign-on activity. The Export feature allows you to download SaaS sign-on report data as a CSV file. The SaaS sign-on reports have a retention period of 90 days.
Select the Service Provider, Auth Modes (Zero Sign-on or Multi Factor Authentication), Auth Methods (OTP, Push, QR Code, IDP Login), and the Status appropriately to fetch the desired report. The Auth Method that you select displays the appropriate Status for that method. Select the Status that is applicable to the method from the list.
| TIP: | For UserID, enter a partial or complete UserID in the query search bar. |
Figure 1. SaaS sign-on report
The following table provides the multi-factor authentication actions logged and reported in Reports > SaaS Sign-on.
|
Status |
Description |
| Device Status | |
|
Activated device |
User activates the client app. The client app is either Go or Authenticator. |
|
Deactivated device |
User deactivates the client app. The client app is either Go or Authenticator. |
|
No activated device |
User tries to log in through the client app but has not activated the client app on a device. |
|
Non Compliant Device |
The users device does not meet the compliance policy. |
|
Authentication Status |
|
|
Error |
Push notification could not be sent. |
|
IDP Login Attempted |
User logs in using identity provider instead of SaaS Sign-on. |
|
OTP incorrect |
User uses an incorrect one-time passcode (OTP). |
|
OTP successful |
User uses one-time passcode (OTP) to approve the transaction and is successful. |
|
Push rejected |
Firebase or APNS returned an error, therefore a push notification was not sent. |
|
Push successful |
Push is successfully sent to the Firebase or APNS service. |
|
QR code scanned |
Allows the user to view only logs for authentication to the service provider done using QR code. |
|
Sign-In requested |
A sign-in request is received by notification or QR scan. |
|
Saas Sign-on Configuration |
|
|
Invalid transforms |
Configuration for SaaS sign-on in Access in Profile > SaaS Sign-on is incorrect. An incorrect configuration results in an exception during evaluation of the MiTra against the Tunnel certificate. |